
When you recreate Docker containers, the previous entries have to be removed from known_hosts

References

How to avoid SSH connection errors: three ways to handle them, with or without deleting a specific host from .ssh/known_hosts

Symptom

[oracle@centos tadan]$ make down
Stopping ssh2 ... done
Stopping ssh1 ... done
Stopping ssh3 ... done
Removing ssh2 ... done
Removing ssh1 ... done
Removing ssh3 ... done
Removing network tadan_ssh_net
[oracle@centos tadan]$ make up
Creating network "tadan_ssh_net" with driver "bridge"
Creating ssh3 ... done
Creating ssh1 ... done
Creating ssh2 ... done
[oracle@centos tadan]$ ssh ssh1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:OoMoh61WZ8knoUjKEuWBPcXmY4ZvJVhMqJtTPVRNLBg.
Please contact your system administrator.
Add correct host key in /home/oracle/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/oracle/.ssh/known_hosts:1
ECDSA host key for 192.168.100.101 has changed and you have requested strict checking.
Host key verification failed.

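Fix

The keys can stay as they are. It is enough to get past the host key check on the client side, which here means deleting the stale entry for the container from known_hosts.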

[oracle@centos tadan]$ cd -
/home/oracle/.ssh
[oracle@centos .ssh]$ ll
合計 16
-rw-r--r--. 1 oracle docker  370  5月 12 11:08 config
-rw-------. 1 oracle docker 1766  5月 12 11:33 id_rsa
-rw-r--r--. 1 oracle docker  395  5月 12 11:33 id_rsa.pub
-rw-r--r--. 1 oracle docker  177  5月 12 11:38 known_hosts
[oracle@centos .ssh]$ cat k*
192.168.100.101 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFVRh5jbQGNt3XttWKmwqUYP9A9lh5S2YBi79mxmLwQ4GiOnfstBNH3teOCVyFm/3Ae23c4/fu7TLW+oAjswiAU=
[oracle@centos .ssh]$ sed -i '/192.168.100.101/d' ~/.ssh/known_hosts
[oracle@centos .ssh]$ cat k*
[oracle@centos .ssh]$ ssh ssh1
The authenticity of host '192.168.100.101 (192.168.100.101)' can't be established.
ECDSA key fingerprint is SHA256:OoMoh61WZ8knoUjKEuWBPcXmY4ZvJVhMqJtTPVRNLBg.
ECDSA key fingerprint is MD5:76:6a:b4:00:66:ba:92:ef:e7:2e:9c:70:d3:bf:bb:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.101' (ECDSA) to the list of known hosts.
root@192.168.100.101's password: 
[root@ssh1 ~]# 
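
The sed pattern above is a regular expression: it matches substrings, its dots match any character, and it cannot see entries written in hashed form (HashKnownHosts). The following added example (not part of the original post) removes only exact matches for one host and also recognises hashed entries; the function names, the salt and the placeholder key blobs are constructed for illustration.

```python
import base64, hashlib, hmac

def hash_name(name: str, salt: bytes) -> str:
    """Hashed known_hosts host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def _matches(pattern: str, token: str) -> bool:
    """True if one entry of the host field names exactly `token`."""
    if pattern.startswith("|1|"):
        try:
            salt = base64.b64decode(pattern.split("|")[2])
        except (IndexError, ValueError):
            return False                      # malformed hashed entry: never a match
        return pattern == hash_name(token, salt)
    return pattern == token                   # plain entry: exact match, no regex

def forget_host(text: str, host: str, port: int = 22):
    """Return (kept_text, removed_lines) for known_hosts content `text`."""
    # Non-default ports are recorded as [host]:port, in plain and hashed form alike.
    token = host if port == 22 else f"[{host}]:{port}"
    kept, removed = [], []
    for line in text.splitlines():
        fields = line.split()
        # Blank lines, comments and @cert-authority/@revoked lines are left untouched.
        if not fields or fields[0].startswith(("#", "@")):
            kept.append(line)
        elif any(_matches(name, token) for name in fields[0].split(",")):
            removed.append(line)              # drop the whole line for this host
        else:
            kept.append(line)
    return "\n".join(kept) + ("\n" if kept else ""), removed

SALT = b"constructed-salt-20b"                # made-up 20-byte salt
SAMPLE = "\n".join([                          # constructed sample, key blobs are placeholders
    "# constructed sample",
    "192.168.100.10 ssh-ed25519 AAAAplaceholder0",
    "192.168.100.101 ecdsa-sha2-nistp256 AAAAplaceholder1",
    hash_name("192.168.100.101", SALT) + " ssh-ed25519 AAAAplaceholder2",
    "[192.168.100.101]:2222 ssh-ed25519 AAAAplaceholder3",
    "192.168.100.102 ecdsa-sha2-nistp256 AAAAplaceholder4",
]) + "\n"

if __name__ == "__main__":
    kept, removed = forget_host(SAMPLE, "192.168.100.101")
    print("removed:", *removed, sep="\n  ")
    print("kept:\n" + kept, end="")
```

On a real client, ssh-keygen -R 192.168.100.101 does this against ~/.ssh/known_hosts directly. After removal, compare the fingerprint shown at the next connection with the one from the new container before answering yes.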

Postscript

The hostname can be changed! It is set with the hostname key in the compose file.

[oracle@centos tadan]$ cat d*
version: '3.7'
services:
  ssh_saba1:
    image: centos_ssh
    container_name: ssh1
    hostname: ssh1
    #command: bash -c "ehoc hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh1:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.101
    ports:
      - '1:22'
  ssh_saba2:
    image: centos_ssh
    container_name: ssh2
    hostname: ssh2
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh2:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.102
    ports:
      - '2:22'
  ssh_saba3:
    image: centos_ssh
    container_name: ssh3
    hostname: ssh3
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh3:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.103
    ports:
      - '3:22'
networks:
  ssh_net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.100.0/24